Analysis

  • max time kernel
    116s
  • max time network
    205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-03-2024 20:26

General

  • Target

    TrashMalwares-main/NoEscape8.0.exe

  • Size

    15.0MB

  • MD5

    1c18f75dafd667fb5559cf9b7cb5868e

  • SHA1

    deab3392cf25ebc52f15ecdcf7e4187dcaec81f7

  • SHA256

    bf3c03ff11e6610bbf806084ec2d58cd5aacb87e52cbf965a789fa74584de3a5

  • SHA512

    c68c8ee27265c81e7bb6ead434436398d198b9c2ce83092a8deb8539045b10b47ed660e2451297edd7eeebedc5254000fd5ad481f4642f64f4d74d6a964d3015

  • SSDEEP

    393216:ph/RLjBJPkh/6StJ+4qnWSz0hgSovW+PABRMW:phVcm9z06WEORX

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\NoEscape8.0.exe
    "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\NoEscape8.0.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\yourpc\skid.bat" "
      2⤵
        PID:568

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\yourpc\skid.bat

      Filesize

      310B

      MD5

      427d18145e233d828cdbad04596134c9

      SHA1

      84cb6fae8ee844be1fd9eda8a6a74a5cce97ded8

      SHA256

      23efa2c8b42c0c599a2bd60cadfab2eac3a439e891509dc70c1ee2a9f5e86f2c

      SHA512

      fd5e0a70a4bd082311ab5559b832ba8ae8fce91a62faeec827e3a14a302ceda3697b2cc4d9f1c082170fe22ffff52b022791ebc8c6ec35a3946a9c3712e99444